From 160f3cbc9bdc26d2dd9f7f69d7708ff2d477fce4 Mon Sep 17 00:00:00 2001
From: Robin Raymond <robin@robinraymond.de>
Date: Sun, 26 Nov 2017 07:59:31 +0100
Subject: [PATCH] open port 80 when using LE certs. fixes #42

---
 README.md                  | 5 +++--
 default.nix                | 3 ++-
 mail-server/networking.nix | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index bc1de25..9021d67 100644
--- a/README.md
+++ b/README.md
@@ -143,8 +143,9 @@ common ones.
         # address = forward address;
         "abuse@example.com" = "user1@example.com";
     };
-    
-    # Use Let's Encrypt certificates
+
+    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+    # down nginx and opens port 80.
     certificateScheme = 3;
 
     # Enable IMAP and POP3
diff --git a/default.nix b/default.nix
index 1631e13..3a13987 100644
--- a/default.nix
+++ b/default.nix
@@ -193,7 +193,8 @@ in
         3) You let the server create a certificate via `Let's Encrypt`. Note that
            this implies that a stripped down webserver has to be started. This also
            implies that the FQDN must be set as an `A` record to point to the IP of
-           the server. TODO: Explain more details
+           the server. In particular port 80 on the server will be opened. For details
+           on how to set up the domain records, see the guide in the readme.
       '';
     };
 
diff --git a/mail-server/networking.nix b/mail-server/networking.nix
index f9b3336..c224b0a 100644
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@@ -27,7 +27,8 @@ in
         ++ lib.optional enableImap 143
         ++ lib.optional enableImapSsl 993
         ++ lib.optional enablePop3 110
-        ++ lib.optional enablePop3Ssl 995;
+        ++ lib.optional enablePop3Ssl 995
+        ++ lib.optional (certificateScheme == 3) 80;
     };
   };
 }